Protect yourself from imaginary Mac viruses for FREE with ClamXav

What the –? The MyDoom virus?!??! Well, that’s what you get for keeping mail from 2007…

As a Mac user there’s no greater feeling than hearing that a Windows-using friend of yours has lost important data due to a virus. Oh sure, you feel a little bad for them, but odds are as a Mac user of any length of time, you’ve smugly told them at least a couple times before how much you love your Mac and how great it is to no longer have to worry about things like viruses and Trojans and such, and they just didn’t listen. But as good as being able to say “I told you so” feels, you’d still feel like a royal ass if it turned out that it was YOU who passed the virus on to them, right?

“Wait,” you say. “How could I give them a virus? I’m on a Mac!” True. But while at the moment you personally can’t be harmed by an e-mail attachment, that doesn’t mean you can’t accidentally pass it along to your Windows-loving friends. Sure, it’s not YOUR job to keep them safe, but hey, like it or not the majority of the world still uses Windows, and a little internet common courtesy never hurt anyone. Besides, while it’s nice to think Macs are invulnerable to attack, ALL computers are susceptible to e-mail phishing attacks, and the truth is it’s only a matter of time before a hacker from some former Soviet Union republic gets bored of writing Windows viruses and turns his attention to the Mac OS. And remember, if you’re a user of a Windows emulator like Parallels or Fusion, believe it or not you’re now as vulnerable to a Windows virus as the rest of the world (although it should be sandboxed and not able to hurt your Mac files, it can still wreak havoc on your PC files).

Of course, a 1 in a million chance of getting a virus and the good internet Samaritan syndrome doesn’t mean you need to run out and drop $100 on a Mac anti-virus program – there’s a perfectly capable, AND FREE Mac anti-virus app out there called ClamXav.

Odds are the majority of hits ClamXav will return are harmless e-mail phishing attacks you’re probably ignoring, but it’s still nice to know who’s out to get you.

ClamXav has been around for a few years, but given how many recent Mac converts there’ve been in the last couple of years, I figured I’d do a quick run through of the software for those of you who are unfamiliar with it.

ClamXav is a graphical user interface built by developer Mark Allan around the open source ClamAV antivirus engine, a staple of Unix e-mail systems. Over the years ClamXav has made great strides in both speed and its GUI development, and while ClamXav isn’t quite as full-featured or pretty as some commercial anti-virus products, odds are it will more than fill the needs of the average Mac user. In fact in my test, it even found a virus on my machine that VirusBarrier missed.

ClamXav has most of the must-have features of any good virus program, such as scheduling, the ability to quarantine infected files, and the ability to set up watch folders. You can also scan any file, folder or disk simply by right-clicking on it in the Finder via ClamXav’s contextual menu.

If you’re running Snow Leopard, the setup is pretty straightforward, more or less consisting of a log out/log in to get it going (for older versions of the OS you may need to manually install a library file to enable the contextual menu). If you enable ClamXav’s real-time folder monitoring (dubbed Sentry) you’ll have to do another logout for the changes to take effect. I find it’s a good idea to add your downloads folder to the Sentry list, as for the most part that’s the one place a virus or malware is likely to end up, and for review purposes, I end up downloading a ton of bizarre software from no-name developers.

The software will attempt to update its virus definitions upon launch, ensuring you are always up to date against the most recent threats (well, the most recent Windows threats, actually, as there is still really only one Mac OS X virus, and if memory serves I think it’s still only a proof of concept).

The Scheduling feature allows you to set a specific time and day for automated scans, as well as the ability to select specific directories to scan.

The Sentry feature allows you to set up specific folders that ClamXav should keep an eye on. The Downloads folder is a good candidate for this. There is some danger in selecting your Mail folder however (see “ISSUES”). You can also opt for letting ClamXav quarantine suspicious/infected files, or if you’re feeling really trusting, just flat out delete them.

The Advanced window frightens me, and I just leave it alone.

Issues

There are two issues you should be aware of with ClamXav. The first is if you set ClamXav to scan volumes automatically on insert, you’ll notice a huge drain on your CPU every time you insert a FireWire drive. I personally noticed about a 96% CPU hit on average, which isn’t horrible when you have a multiprocessor system where 200% is (oddly) available to you, but still not insignificant. To get around this I ran ClamXav once on all my external drives, then left this feature unchecked once I was sure my drives were clean.

The other thing to look out for is ClamXav’s quarantine feature. While in general this can be a good idea to help sandbox a virus, it can cause more problems than it solves depending on the type of file the virus is embedded in. For example, ClamXav’s documentation mentions that the software views a single mail message with an infected file as part of the larger MAILBOX file (not FOLDER), so it might move your entire inbox into quarantine. I did not experience this in my tests, but since it’s in the documentation, I figured I would mention it. I use Mac OS X’s Mail app, so maybe it is referring to the way ClamXav views Eudora or Thunderbird or something. The good news is when ClamXav returns a list of mail messages with phishing links, viruses, etc., you can simply right-click on them and hit DELETE to move them individually to the Trash for deletion.

Conclusion

The only thing worse than spending a lot of money on Antivirus software you probably don’t need is getting a virus, and ClamXav has got you covered on both fronts. Despite being 100% free (donation appreciated) the software is very powerful, relatively quick, and in my tests did a great job of not only finding innocuous Windows viruses in old e-mail attachments on my system, but also identifying the more universally offensive e-mail phishing attacks. If you are currently sitting there, smugly thinking yourself bulletproof, it might be worth downloading ClamXav just to make sure you don’t have any hidden junk lurking on your system. And no, “Word” is not technically a virus.

Price: Free (Donations appreciated)

Pros: Fast, up to date virus detection, scheduling/quarantine supported, FREE

Cons: Quarantine can be a little tricky, can be a bit of a resource hog if you allow it to auto-scan external/network drives, doesn’t provide many of the web and port attack monitoring features of paid apps

Every once in a while my system will slow to a crawl, and it turns out that ClamXav (1.1.1) is running a full check. I’ve never let it finish, because it appears it will take about 37 days for a full sweep of my 60GB notebook drive.

But I still leave Sentry running because it does pick up a few things here and there, most often in an email from a Windows user. None of these has ever been a threat to my Mac, but I scrub the email and let the sender know about it. At the least, it prevents me from unwittingly sending a virus along to someone else.